FBI WARNS OF DRAMATIC INCREASE IN BUSINESS E-MAIL SCAMS
The FBI has released an alert warning potential victims of a sharp rise in criminals forging emails from executives authorizing payments. From 10/2013 through 2/2016, there have been 17,642 reported victims, with more than $2,300,000,000 in losses. This is a 270% increase in such crime since 1/2015.
The FBI alert offers these tips for businesses:
- Be wary of e-mail-only wire transfer requests and requests involving urgency.
- Pick up the phone and verify legitimate business partners.
- Be cautions of mimicked e-mail addresses.
- Practice multi-level authentication.
This last tip is the most important. It is effortless to mimic an email address. You can change your email settings in under a minute so that it appears your email actually came from anyone!
The fix for this vulnerability is to implement either PGP/GPG, or S/MIME email encryption. When implementing either of these encryption protocols, received email will validate if the sender is actually who they claim to be.
Both of these systems work on the principle of private/public keys. PGP/GPG is free to configure, and your private key stays with you, making it impossible for the government to access and use against you. However, it is still in early stages with mobile devices. S/MIME will cost you from $12-$200 per year per email address, and is managed through vendors who can perform background checks to verify identities. However, your private keys are stored with these vendors, making it possible for governments (and other criminals) to access your private key, giving them access to all of your email. If using S/MIME, I recommend picking a vendor residing in a country immune from National Security Letter pressure.
Full step-by-step instructions for how to quickly configure GPG and S/MIME can be found in each of the Practical Paranoia Security Essentials books for Android, iOS, OS X, and Windows. And of course you can always call upon your security experts, Mintz InfoTech, Inc. to do it for you.